|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.x
The user initially receives a message of passcode accepted. The RSA Authentication Manager server log shows that the passcode was accepted and the node secret is sent to the agent. However, the second and subsequent authentication attempts fail with the RSA Authentication Manager server log showing the following message:
Node secret mismatch: cleared on agent but not on server.
|Cause||The error happens because the node secret cannot be written on the RSA Authentication Agent.|
This could be a user permissions or UAT issue. The user may not have rights to write to Winnt\System32 or the registry or disk on this computer.
RSA Authentication Agent 7.x for Windows writes the node secret file named securid to C:\Program Files\Common Files\RSA Shared\\Auth Data.
|Resolution||The node secret on an RSA Authentication Agent for Windows is named securid and is stored on the agent in C:\Program Files\Common Files\RSA Shared\\Auth Data.|
If the node secret was sent to the agent, but does not exist on the agent, the problem is that the node secret was not written to C:\Program Files\Common Files\RSA Shared\\Auth Data after it was sent to the agent. This indicates some type of permissions or privilege issue, or a locked down folder due to UAT.
The resolution would be to ensure that the node secret can be written to the C:\Program Files\Common Files\RSA Shared\\Auth Data directory, by doing one or more of the following:
|Workaround||As a workaround, turn off UAT or perform the initial authentication twice with an administrator account.|
|Legacy Article ID||a6362|